Users of online social networking sites beware!

The worldwide web is now the primary conduit of virus attacks and hackers are particularly targeting social networking sites, a recent report said.

As opposed to network attacks, online users can increasingly be infected by viruses by simply visiting everyday Web sites, the 13th edition of the Internet Security Threat Report prepared by leading security provider, Symantec Corporation said.

“The individual continues to be the weakest link in internet security. Attackers can compromise the end user to steal confidential data including personal information, corporate information stored insecurely on the end user's computer," Symantec Security Response Director, Prabhat Singh, told PTI.

On a rough estimate, five to six million Indians are involved in social networking and about 25-75 per cent of online time is spent on a social networking site by Indians between the age group of 13-35, a research by AC Nielsen said.

The second serious threat is for the users who are common users of videos and pictures, he said. “Attackers use this to dupe users into installing fake codes and setup applications,” he said adding that the attackers are using breaking news links to attract users on these sites, as well.

The Symantec report has found that India ranks high on the global virus and worm prevalence charts and observed that malicious activity in the form of worms, viruses and trojans is on the rise. More than 65 per cent of such attacks in India were through worms as compared to the global average of 22 per cent.

“This is a clear indication that basic security patch updates are not being installed by users,” it said adding that viruses and trojans comprise about 15-18 per cent of the total malware in India.

Particularly of concern to Indian enterprises and consumers were the increasing botnet activities. Bot is a programme used on the Internet that performs a repetitive function such as posting a message to multiple newsgroups.

India had 38,502 bot-infected computers and more than 60 command and control servers, a 50 per cent increase from the last reporting period. A majority of bot-infected computers were tracked in Mumbai (56 per cent), Chennai (16 per cent) and New Delhi (14 per cent), the report said.

The Symantec report has also found that the Indian financial sector continues to remain vulnerable to phishing attacks, an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

Symantec observed 345 unique phishing URLs hosted in India and also over 400 unique phishing attacks on reputable Indian banks.

“Though the banks have done some serious efforts to install tough security standards, the individual users and also the internet service providers have to be serious about the threat,” Singh said.

“The Internet service providers will have to take more realistic approach to ensure the security of the end users,” he added.

Symantec India Managing Director, Vishal Dhupar, said that attackers are leveraging a maturing underground economy to buy, sell and trade stolen information. “The sale of malicious services, outsourcing of resources such as phishing hosts and spambots, and bulk pricing are signs of a robust economy. These factors in the underground economy indicate that business is booming,” he added.